Mod_security is an open source Apache module. This can be considered as firewall for web applications. It secures the system from the attackers. We use mod_security1 for Apache1.x and Apache 2.x uses mod_security2. In case of mod_security1, we can disable it for a domain using the .htaccess file.
If you want to disable mod_sec for one domain then add the following Line in .htaccess
However, we can’t block mod_security2 via .htaccess on domain basis.
The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.
1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/domain.com”
2. Create a file “vhost.conf” in the above location
3. Add the following lines :
<IfModule mod_security2.c> SecRuleEngine Off </IfModule>
To disable mod_secuirty for a particular location :
<LocationMatch specify_the_path_here> <IfModule mod_security2.c> SecRuleEngine Off </IfModule> </LocationMatch>
To disable a particular mod_secuirty rule :
<IfModule mod_security2.c> SecRuleRemoveById give_ruleID_here </IfModule>
Please make sure run the following script after making the changes.
This script will uncomment the following line in apache configuration. It will customise the virtual host to use the particular include file and will restart apache.